In advance of RSAC, Rapid7 unveiled its latest research paper, highlighting the real-life experiences of dozens of penetration testers to help demystify the occult art of hacking for hire.
Taking the results of 128 penetration tests conducted by Rapid7 throughout Q4 2016, key findings included:
– Only 33% of client sites had no vulnerabilities found, showing that enterprise security still needs significant improvement.
– In the 86% of engagements where credential theft was in scope, two-factor authentication was simply not a factor. Considering the millions of large-scale breaches in 2016 and the endemic problem of password reuse, this finding was particularly disheartening.
– Despite the recent uptick in online industrial espionage, the surveyed organisations seemed the least interested in protecting copyrighted material, digital certificates, source code or trade secrets.
More details about the report can also be found here: https://community.rapid7.com/community/infosec/blog/2017/02/08/under-the-hoodie-actionable-research-from-penetration-testing-engagements
Tod Beardsley, Research Director at Rapid7:
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.